Zip File containing Masked exe Sends CBT Locker Ransomware
This Zip file was found on Malwr.com. Below is the traffic associated with the infection.
ASSOCIATED IP ADDRESSES and DOMAINS:
- 126.96.36.199 – HTTPS – Germany, AS50472 Chaos Computer Club e.V.
- 188.8.131.52 – http://zsn5qtrgfpu4tmpg.onion.lt/
- 184.108.40.206 – HTTPS – Germany, AS250 AS250.net Foundation
Shown above: CBT Locker start-up location, using a .pif file to point to the payload. Information about .pif file extensions can be found on www.webopedia.com.
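As an added detection example (not code from the original post), the following Python scans proxy log lines for the hosts listed above and, going beyond that single indicator, for any Tor2web-style gateway hostname of the form <onion-name>.onion.<gateway-domain>, which is how the .onion.lt payment host above is reached from the clearnet. The log layout and the sample lines are assumptions constructed for the example.

```python
import re

# Hosts the page lists for this infection (copied as given there).
PAGE_IOCS = {
    "zsn5qtrgfpu4tmpg.onion.lt",
    "126.96.36.199",
    "188.8.131.52",
    "184.108.40.206",
}

# A Tor2web gateway exposes a hidden service on the clearnet as
# <onion-name>.onion.<gateway-domain>; v2 names are 16 base32 chars,
# v3 names are 56. The page's .onion.lt host is one instance of this.
TOR2WEB_HOST = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\.[a-z][a-z.]*$")

# Assumed proxy-log layout: "<timestamp> <client> <method> <url>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)")


def host_of(url: str) -> str:
    """Return the lowercased host part of a URL or host:port string."""
    m = re.match(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def classify(line: str):
    """Return (reason, host) for a suspicious line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    host = host_of(m.group("url"))
    if host in PAGE_IOCS:
        return ("page_ioc", host)
    if TOR2WEB_HOST.match(host):
        return ("tor2web_gateway", host)
    return None


def scan(lines):
    """Return [(reason, host, line)] for every line that matches."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((verdict[0], verdict[1], line))
    return hits


# Constructed sample log lines, not real traffic from the page.
SAMPLE_LOG = """\
2015-01-20T10:01:02 10.0.0.15 GET http://zsn5qtrgfpu4tmpg.onion.lt/
2015-01-20T10:01:05 10.0.0.15 CONNECT 126.96.36.199:443
2015-01-20T10:02:11 10.0.0.22 GET http://www.webopedia.com/TERM/P/PIF.html
2015-01-20T10:03:40 10.0.0.31 GET http://abcdefghijklmnop.onion.to/payment
"""

if __name__ == "__main__":
    for reason, host, line in scan(SAMPLE_LOG.splitlines()):
        print(f"{reason:16} {host:32} {line}")
```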
PAYLOAD FROM MALICIOUS ZIP FILE:
VirusTotal link